Figure 33
Here you will enter the external IP address (if it is not the existing external IP address of the
firewall). The translation method to be selected is static. Clicking OK will automatically create
the necessary NAT rule shown below.
Figure 34
Static Route
Most installations of Check Point AIR55 require a static route. This route will send all traffic from
the public IP address for the SonicWALL SSL-VPN to the internal IP address.
#route add 64.41.140.167 netmask 255.255.255.255 192.168.100.2
ARP
Check Point AIR55 contains a feature called auto-ARP creation. This feature will automatically
add an ARP entry for a secondary external IP address (the public IP address of the SonicWALL
SSL-VPN). If running Check Point on a Nokia security platform, Nokia recommends that users
disable this feature. As a result, the ARP entry for the external IP address must be added
manually within the Nokia Voyager interface.
Finally, a traffic or policy rule is required for all traffic to flow from the Internet to the SonicWALL
SSL-VPN.
Check Point NAT Properties Dialog Box
Check Point NAT Rule Window
SonicWALL SSL VPN 4.0 Administrator's Guide
Check Point AIR 55
285